How the Nissan Source Code Leak Could Have Been Avoided
Development

How the Nissan Source Code Leak Could Have Been Avoided

Tips for keeping your Git repos secure

And you thought you were having a bad day…did you see what happened to the developers over at Nissan

The source code (Git repos) for Nissan’s mobile apps and internal tools was leaked to the Internet because the link was publicly accessible and the password easy to guess. 😬 Yikes. 

Hosting Code on Bitbucket 

Bitbucket Server is commonly configured for offline use. Ideally, you’d configure your Bitbucket Server so that only a targeted set of end-users could browse to the instance, and authenticate to their Git repositories over HTTPS or SSH.

See how the GitKraken Git GUI provides secure connections to remote Git repositories over HTTPS or SSH.

Learn more about GitKraken authentication.

How did the Nissan code leak happen?

Nissan reports they’re conducting an investigation on the source code leak, where hopefully they uncover how such a simple error could have been avoided. While they dig, the rest of us can enjoy 2 easy takeaways from this episode:

Security Tips for Your Git Repository

By nature, there are some security vulnerabilities associated with Git, as it is controlled with server access and developers can rewrite history. However, instituting collaborative procedures and utilizing tools, like a Git client, that help you securely connect to your remote data, will help you easily avoid these simple mistakes.    

Understand Your Git Repo’s Permission Settings 

Don’t make your self-hosted Bitbucket instance publicly accessible (unless that’s your intent).

Set a Password 

Don’t use default passwords. 

This should go for any password you’re setting online these days, but especially for professional accounts. 

Consider using a tool, like LastPass, that can set secure passwords and manage your account logins. You can even share passwords for collaborative team accounts.

Using Bitbucket with GitKraken

GitKraken could have made the Nissan team’s authentication easy and secure with personal access tokens.  

When setting up the GitKraken integration with a Bitbucket Server, we prompt the user to confirm the URL and provide a personal access token. 

gitkraken bitbucket integration

GitKraken will direct you to login with your Bitbucket Server credentials to create the access token, including the permissions you can assign to the token. This is another area where you can enhance your Git repo’s security.  

We also give users the ability to generate SSH keys for Bitbucket Server

Secure Your Git Repos with GitKraken

The GitKraken Git GUI provides multiple options for securely connecting to your remote Git repositories, as well as permissions settings to meet the needs of growing development teams.

Stay on the cutting edge of software development by getting innovative tips, trends and stories delivered to your inbox every month!

Agile project management software
Plan, develop, review, and ship fast

Visit Axosoft.com

Legendary suite of developer tools
GitKraken Git GUI, Boards & Timelines

Visit GitKraken.com